- Description
- In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 7.1
- Impact score
- 4.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- nvd@nist.gov
- CWE-502
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4716654-1055-44B3-8E51-5BC0E739E0CB",
"versionEndExcluding": "2.8.50",
"versionStartIncluding": "2.8.0"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF53486E-FAAC-40B3-82CE-4EDCD2C96690",
"versionEndExcluding": "3.4.26",
"versionStartIncluding": "3.4.0"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25A92454-6E0B-4BDE-8967-BB3E32125102",
"versionEndExcluding": "4.1.12",
"versionStartIncluding": "4.1.0"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53E58B92-6D5D-4949-B75F-687F52961FDA",
"versionEndExcluding": "4.2.7",
"versionStartIncluding": "4.2.0"
}
],
"operator": "OR"
}
]
}
]